Security

Encryption at every level

Every communication channel (http,smtp,pop3,imap,instant messaging) can be accessed using SSL encryption.

DeskNow also includes MD5 128bit password hashing with one-time salt for secure web login even when not using SSL.

User management

Access to every shared resource is regulated by fine-grained access control (public, only authenticated users, password, specific users / groups, etc.). It is further possible to restrict access to particular features (ex. disable access to instant messaging) by means of User classes.

It is possible to enforce strong password policies with password expiration, minimum length and minimum number of non-letter characters.

It is possible to temporarily disable accounts / domains preventing logins while still receiving emails.

It is possible to block login from a certain IP address after a certain number of login failures, to prevent brute force password attacks.

Logging

Extensive logging is provided reporting every potential security breach, including failed login attempts, access to unauthorized resources or operations, cross site scripting attacks, and more.

Auditing

DeskNow can help meet regulatory compliance requirements through its unique audit logging. Every 'change' action performed by users (delete or change documents, delete shared messages, send emails, change password, create users, etc.) can be logged. Every action logged is traced with full source IP address and authenticated username used to login. To simplify reporting and archival, audit logs are automatically organized by domain, year, month, day.

All instant messaging conversations can be logged as well.

Security report

Every domain administrator can generate a security report in PDF format, to get a documented state of the system including all accounts, user classes, quotas, shared objects, permissions, etc. This is useful for highly regulated environments where it is common to periodically review and document the security policies of an organization.

Active Directory, Kerberos and LDAP authentication

DeskNow can integrate with your existing Active Directory or LDAP server to authenticate users. The service is fully dynamic, i.e. DeskNow can automatically create user accounts. If an AD or LDAP account is removed, the account in DeskNow is blocked (but not deleted, for security reasons). If the account password in AD or LDAP is changed, it is automatically changed in DeskNow.

External authentication lets you administer all the accounts and password in a single place, saving time and complexity.

You can also set up custom queries if you have multiple domains, if your DeskNow domains are different from your AD or LDAP domains, and so on.

External plugin API for authentication

For the ultimate flexibility, it is possible to create a custom authentication plugin for DeskNow. With this, you can authenticate users against a database table, a text file or any other non-standard format.